145 research outputs found
Information hiding in SOAP messages: A steganographic method for web services
Digital steganography is the art and science of hiding communications; a steganographic system thus embeds secret data in public cover media so as not to arouse an eavesdropper’s suspicion. Hence, it is a kind of covert communication and information security. There are still very limited methods of steganography to be used with communication protocols, which represent unconventional but promising steganography mediums. In this paper, we discuss and analyze a number of steganographic studies in text, XML as well as SOAP messages. Then, we propose a novel steganography method to be used for SOAP messages within Web services environments. The method is based on rearranging the order of specific XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because of using the communication protocol as a cover medium, and since it keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value
Application of Web Server Benchmark using Erlang/OTP RII and Linux
As the web grows and the amount of traffics on the
web server increase, problems related to performance begin to
appear. Some of the problems, such as the number of users that
can access the server simultaneously, the number of requests that
can be handled by the server per second (requests per second) to
bandwidth consumption and hardware utilization like memories
and CPU. To give better quality of service (QoS), web hosting
providers and also the system administrators and network
administrators who manage the server need a benchmark
application to measure the capabilities of their servers. Later, the
application intends to work under Linux/Unix - like platforms
and built using ErlanglOTP RI] as a concurrent oriented
language under Fedora Core Linux 5.0. It is divided into two
main parts, the controller section and the launcher section.
Controller is the core of the application. It has several duties,
such as read the benchmark scenario file, con figure the program
based on the scenario, initialize the launcher section, gather the
benchmark results from local and remote Erlang node where the
launcher runs and write them in a log file (later the log file will be
used to generate a report page for the sysadmin). Controller also
has function as a timer which act as timing for user inters arrival
to the server. Launcher generates a number of users based on the
scenario, initialize them and start the benchmark by sending
requests to the web server. The clients also gather the benchmark
result and send them to the controller
Introductory Computer Forensics
INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for ?ghting crimes involving computers. Although signi?cant international efforts are being made in dealing with cybercrime and cyber-terrorism, ?nding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven dif?cult in practic
Recommended from our members
Thwarting Attacks in Malcode-Bearing Documents by Altering Data Sector Values
Embedding malcode within documents provides a convenient means of attacking systems. Such attacks can be very targeted and difficult to detect to stop due to the multitude of document-exchange vectors and the vulnerabilities in modern document processing applications. Detecting malcode embedded in a document is difficult owing to the complexity of modern document formats that provide ample opportunity to embed code in a myriad of ways. We focus on Microsoft Word documents as malcode carriers as a case study in this paper. To detect stealthy embedded malcode in documents, we develop an arbitrary data transformation technique that changes the value of data segments in documents in such a way as to purposely damage any hidden malcode that may be embedded in those sections. Consequently, the embedded malcode will not only fail but also introduce a system exception that would be easily detected. The method is intended to be applied in a safe sandbox, the transformation is reversible after testing a document, and does not require any learning phase. The method depends upon knowledge of the structure of the document binary format to parse a document and identify the specific sectors to which the method can be safely applied for malcode detection. The method can be implemented in MS Word as a security feature to enhance the safety of Word documents
- …